# Mount debugfs on /sys/kernel/debug.
allow init debugfs:dir mounton;

# /dev/block/mmcblk0p[0-9]
allow init emmcblk_device:blk_file rw_file_perms;

allow init block_device:lnk_file { setattr };
allow init tmpfs:lnk_file create_file_perms;

# /data
allow init sdcardd_exec:file r_file_perms;

# sysfs iio:device[0-9]
allow init sysfs:lnk_file setattr;

# read/chown mDNIE symlinks
allow init sysfs_mdnie_writable:lnk_file { read setattr };

allow init tee_device:chr_file { write ioctl };

allow init mif_device:chr_file { write ioctl };

allow init kmsg_device:chr_file write;

allow init property_socket:sock_file write;

allow init system_data_file:fifo_file write;

allow init camera_device:file { relabelto setattr };
allow init camera_device:lnk_file { relabelto };
allow init camera_device:dir { relabelto };
allow init debugfs:file write;
allow init efs_file:dir mounton;

# superuser
allow init su:process { transition rlimitinh siginh noatsecure };

# RIL
allow init socket_device:sock_file { create open read write getattr setattr };
